Thanks a lot David for this detailed feedback. This is very helpful to the editors.
On 16 Dec 2011, at 14:49, David Chadwick wrote:
> Comments on WebID 1.0 (Draft 6 Dec 2011)
> David Chadwick, 13 Dec. 11
> 1. We need a section called Trust Model which summarises the trust that is needed in the system. See Appendix 1 for suggested text.
thanks, that is very useful to know.
> 2. We need to add definitions of Identification Agent, TLS Agent and WebID Verifier to section 1.2
- "Identification Agent" needs to be removed I think and replaced by "Client" and perhaps "Subject" at one point.
This was the old terminology I found made the document very difficult to read before. And I must have forgotten to remove it everywhere.
- "TLS Agent" is used as a synonym for "TLS Service".
Question: should I use TLS Agent, TLS Service, or have both?
- "WebID Verifier" is defined as a synonym of "Verification Agent" in the definitions. I found it useful for a few terms to have synonyms, so that the language did not become too wooden.
> 3. Subject definition contains a couple of errors: princiap -> principal, and lisibility is not an English word, use readability instead.
Thanks! Easy fix.
> 4. Why does Key Chain Agent have the name it does? Specifically, why is Chain in the name as its functionality does not seem to involve building or verifying certificate chains. Wouldn't Key Ring Agent or Key Store Agent or simply Key Agent be better?
No idea which would be better. In this case I just chose the first one that came to mind. Keychain probably came to mind because the Apple tool that stores all keys is called the Keychain.app. There the image is clearly of a chain of keys people could have in their pockets, not the chain of certificates.
But I had not thought of the TLS association of key chain with certificate chains. So given that we are speaking to TLS people here one of those other terms may be better. A bit difficult to tell. We'll try to work that out.
> 5. The definition of Guard is not quite correct. Suggest change to “..and decide if it needs to be authorised by looking at the access control rules. If the client needs to be authorised, it can first request identification and authentication and use the WebID Verifier to complete the identity checks. Finally it checks the access control rules to either grant or deny access.”